[c-nsp] PIX515 don't want to allocate ip address on interface.

Nikolay Pavlov quetzal at zone3000.net
Fri Aug 4 14:46:15 EDT 2006


On Thursday,  3 August 2006 at 14:10:10 -0700, Michael K. Smith wrote:
> Hello:
> 
> 
> 
> I think a little more information is required.  How about:
> 
> 1) sho interface ethernet0
> 2) sho interface ethernet1
> 3) sho arp
> 4) What is the syntax for the ping command you are using?
> 5) Have you done the necessary steps to create ssh keys, including adding
> your domain name and then generating the key?
> 
> Regards,
> 
> Mike

Ok... Here is additional information:

cspix515-fw1-NY# sh interface ethernet 0
Interface Ethernet0 "outside", is up, line protocol is up
  Hardware is i82559, BW 100 Mbps
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        MAC address 0003.e300.0e6c, MTU 1500
        IP address unassigned
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        3647 packets input, 220501 bytes, 0 no buffer
        Received 3649 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        0 packets output, 0 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/93)
        output queue (curr/max blocks): hardware (0/0) software (0/0)
  Traffic Statistics for "outside":
        3547 packets input, 164723 bytes
        0 packets output, 0 bytes
        20 packets dropped

x515-fw1-NY# sh interface ethernet 1
Interface Ethernet1 "inside", is up, line protocol is up
  Hardware is i82559, BW 100 Mbps
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        MAC address 0003.e300.0e6d, MTU 1500
        IP address unassigned
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        8853 packets input, 531180 bytes, 0 no buffer
        Received 8853 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        0 packets output, 0 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/97)
        output queue (curr/max blocks): hardware (0/0) software (0/0)
  Traffic Statistics for "inside":
        8747 packets input, 402362 bytes
        0 packets output, 0 bytes
        0 packets dropped

cspix515-fw1-NY# sh arp
empty ... 

Don't worry about ssh, i know the procedure... 

Here is once again "sh ip address" command:

cspix515-fw1-NY# sh ip address
System IP Addresses:
Interface                Name                   IP address      Subnet
mask     Method
Ethernet0                outside                xx.xx.57.54 255.255.255.192 CONFIG
Ethernet1                inside                 192.168.1.1 255.255.255.0   CONFIG
Current IP Addresses: 
Interface                Name                   IP address      Subnet mask     Method

Here all is empty...

To prevent your next questions guys here goes my config:

======================================================================

cspix515-fw1-NY# sh run
: Saved
:
PIX Version 7.1(2)
!
hostname cspix515-fw1-NY
domain-name MY.TLD
enable password HIDE encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address xx.xx.57.54 255.255.255.192
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
passwd HIDE encrypted
boot system flash:/pix712.bin
ftp mode passive
clock timezone ET -5
clock summer-time EST recurring
dns domain-lookup outside
dns server-group DefaultDNS
 name-server xx.xx.60.10
 domain-name MY.TLD
access-list 100 extended permit icmp any any echo
access-list 100 extended permit icmp any any echo-reply
access-list 100 extended permit tcp any any range ssh telnet
pager lines 24
logging enable
logging timestamp
logging buffer-size 8192
logging buffered debugging
logging trap informational
logging facility 21
logging host outside xx.xx.48.25
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xx.57.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username quetzal password HIDE encrypted
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
snmp-server host outside xx.xx.48.25 community HIDE
snmp-server host outside xx.xx.51.2 community HIDE
snmp-server host outside xx.xx.60.162 community HIDE
no snmp-server location
no snmp-server contact
snmp-server community HIDE
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet xx.xx.68.98 255.255.255.255 outside
telnet xx.xx.60.162 255.255.255.255 outside
telnet xx.xx.51.2 255.255.255.255 outside
telnet xx.xx.48.25 255.255.255.255 outside
telnet timeout 30
ssh xx.xx.68.98 255.255.255.255 outside
ssh xx.xx.60.162 255.255.255.255 outside
ssh xx.xx.51.2 255.255.255.255 outside
ssh xx.xx.48.25 255.255.255.255 outside
ssh timeout 60
ssh version 2
console timeout 30
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
ntp server xx.xx.48.24
ntp server xx.xx.51.2
ntp server xx.xx.60.162                                                                                 
ntp server xx.xx.60.3
Cryptochecksum:736500678a3372b54716aa00253ce4b1
: end

-- 
========================================================================= 
= Best regards, Nikolay Pavlov. <<<------------------------------------ = 
========================================================================= 


More information about the cisco-nsp mailing list